witness: userret: returning with the following locks held: exclusive rrwlock inode r = 0 (0xfffffd807a7ef4e8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 rw_enter+0x46d sys/kern/kern_rwlock.c:306 #2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:602 #4 vn_write+0x169 vn_lock sys/kern/vfs_vnops.c:561 [inline] #4 vn_write+0x169 sys/kern/vfs_vnops.c:401 #5 dofilewritev+0x1ac sys/kern/sys_generic.c:364 #6 sys_write+0x83 sys/kern/sys_generic.c:284 #7 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:92 [inline] #7 syscall+0x552 sys/arch/amd64/amd64/trap.c:555 #8 Xsyscall+0x128 panic: witness_warn Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 109846 74236 32767 0x10 0 1 syz-executor.0 *359458 74236 32767 0x10 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 witness_warn(2,0,ffffffff81fbc6ff) at witness_warn+0x69e witness_debugger sys/kern/subr_witness.c:2509 [inline] witness_warn(2,0,ffffffff81fbc6ff) at witness_warn+0x69e sys/kern/subr_witness.c:1454 userret(ffff800020b293d8) at userret+0x36a sys/kern/kern_sig.c:1911 syscall(ffff800022bd9980) at syscall+0x44a mi_syscall_return sys/sys/syscall_mi.h:115 [inline] syscall(ffff800022bd9980) at syscall+0x44a sys/arch/amd64/amd64/trap.c:577 Xsyscall(6,5,c,0,3,2e2e1a8b1b0) at Xsyscall+0x128 end of kernel end trace frame: 0x2e527382520, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic witness_warn ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 witness_warn(2,0,ffffffff81fbc6ff) at witness_warn+0x69e witness_debugger sys/kern/subr_witness.c:2509 [inline] witness_warn(2,0,ffffffff81fbc6ff) at witness_warn+0x69e sys/kern/subr_witness.c:1454 userret(ffff800020b293d8) at userret+0x36a sys/kern/kern_sig.c:1911 syscall(ffff800022bd9980) at syscall+0x44a mi_syscall_return sys/sys/syscall_mi.h:115 [inline] syscall(ffff800022bd9980) at syscall+0x44a sys/arch/amd64/amd64/trap.c:577 Xsyscall(6,5,c,0,3,2e2e1a8b1b0) at Xsyscall+0x128 end of kernel end trace frame: 0x2e527382520, count: -6 ddb{0}> show registers rdi 0 rsi 0x3ffff acpi_pdirpa+0x2be67 rbp 0xffff800022bd96c0 rbx 0xffff800022bd9770 rdx 0x40000 acpi_pdirpa+0x2be68 rcx 0xffff800020fd4000 rax 0xffff8000009989c0 r8 0xffffffff812f5c53 kprintf+0x173 r9 0x1 r10 0x25 r11 0x9aa289a7c7a24a21 r12 0x3000000008 r13 0xffff800022bd96d0 r14 0x100 r15 0x1 rip 0xffffffff81724388 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800022bd96b0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.0) pid=359458 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020b29650,0xffff800020b28c80 process=0xffff800020b2a710 user=0xffff800022bd4000, vmspace=0xfffffd806e8f9008 estcpu=36, cpticks=4, pctcpu=0.0 user=0, sys=4, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 74236 109846 15078 32767 7 0x10 syz-executor.0 74236 37256 15078 32767 2 0x4000010 syz-executor.0 74236 409033 15078 32767 2 0x4000010 syz-executor.0 *74236 359458 15078 32767 7 0x4000010 syz-executor.0 74236 91570 15078 32767 2 0x4000010 syz-executor.0 15078 388367 69898 32767 3 0x90 nanosleep syz-executor.0 69898 141945 45367 0 3 0x82 wait syz-executor.0 54080 266866 23197 32767 3 0x90 nanosleep syz-executor.1 23197 462864 45367 0 3 0x82 wait syz-executor.1 46889 458040 0 0 3 0x14200 bored sosplice 45367 229124 25688 0 3 0x82 thrsleep syz-fuzzer 45367 141678 25688 0 2 0x4000482 syz-fuzzer 45367 507119 25688 0 3 0x4000082 thrsleep syz-fuzzer 45367 475941 25688 0 3 0x4000082 thrsleep syz-fuzzer 45367 304345 25688 0 2 0x4000082 syz-fuzzer 45367 281039 25688 0 3 0x4000082 thrsleep syz-fuzzer 45367 216213 25688 0 3 0x4000082 thrsleep syz-fuzzer 45367 239812 25688 0 3 0x4000082 thrsleep syz-fuzzer 45367 133937 25688 0 3 0x4000082 thrsleep syz-fuzzer 45367 186733 25688 0 3 0x4000082 thrsleep syz-fuzzer 25688 254743 65667 0 3 0x10008a pause ksh 65667 39135 54343 0 3 0x92 select sshd 13493 209810 1 0 3 0x100083 ttyin getty 54343 65173 1 0 3 0x80 select sshd 78072 237206 37769 73 2 0x100010 syslogd 37769 8335 1 0 3 0x100082 netio syslogd 13747 104921 1 77 3 0x100090 poll dhclient 54737 65326 1 0 3 0x80 poll dhclient 38602 242947 0 0 2 0x14200 zerothread 5909 278126 0 0 3 0x14200 aiodoned aiodoned 86963 433850 0 0 3 0x14200 syncer update 10118 60270 0 0 3 0x14200 cleaner cleaner 34444 508680 0 0 3 0x14200 reaper reaper 60337 147073 0 0 3 0x14200 pgdaemon pagedaemon 95944 331196 0 0 3 0x14200 bored crynlk 44190 26487 0 0 3 0x14200 bored crypto 92920 200873 0 0 3 0x40014200 acpi0 acpi0 8420 179963 0 0 3 0x40014200 idle1 97164 285388 0 0 3 0x14200 bored softnet 77231 59214 0 0 3 0x14200 bored systqmp 42534 144266 0 0 3 0x14200 bored systq 15970 47445 0 0 3 0x40014200 bored softclock 8331 86468 0 0 3 0x40014200 idle0 27451 439595 0 0 3 0x14200 bored smr 1 123973 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 74236 (syz-executor.0) thread 0xffff800020b293d8 (359458) exclusive rrwlock inode r = 0 (0xfffffd807a7ef4e8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 rw_enter+0x46d sys/kern/kern_rwlock.c:306 #2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:602 #4 vn_write+0x169 vn_lock sys/kern/vfs_vnops.c:561 [inline] #4 vn_write+0x169 sys/kern/vfs_vnops.c:401 #5 dofilewritev+0x1ac sys/kern/sys_generic.c:364 #6 sys_write+0x83 sys/kern/sys_generic.c:284 #7 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:92 [inline] #7 syscall+0x552 sys/arch/amd64/amd64/trap.c:555 #8 Xsyscall+0x128 Process 78072 (syslogd) thread 0xffff800020b61158 (237206) exclusive rrwlock inode r = 0 (0xfffffd806eb951a8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 rw_enter+0x46d sys/kern/kern_rwlock.c:306 #2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:602 #4 vn_lock+0x6e sys/kern/vfs_vnops.c:561 #5 sys_fsync+0x114 sys/kern/vfs_syscalls.c:2801 #6 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:92 [inline] #6 syscall+0x552 sys/arch/amd64/amd64/trap.c:555 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9464 6322K 6322K 78643K 11046 0 0 pcb 13 8K 8K 78643K 13 0 0 rtable 105 3K 3K 78643K 4649 0 0 ifaddr 36 12K 12K 78643K 643 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 255 0 0 iov 0 0K 28K 78643K 404 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1215 76K 76K 78643K 3707 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 69 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 0K 78643K 483 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 7 21K 33K 78643K 5500 0 0 sigio 0 0K 0K 78643K 54 0 0 proc 41 38K 78K 78643K 4879 0 0 subproc 34 2K 2K 78643K 1717 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 608 0 0 in_multi 33 2K 2K 78643K 1259 0 0 ether_multi 1 0K 0K 78643K 25 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 1924 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 110 22K 33K 78643K 19238 0 0 UVM aobj 130 4K 4K 78643K 150 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 338 0 0 NDP 5 0K 0K 78643K 306 0 0 temp 121 2750K 2862K 78643K 25928 0 0 kqueue 0 0K 0K 78643K 82 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 204 0 198 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 464 0 462 1 0 1 1 0 8 0 rtentry 112 1134 0 1090 2 0 2 2 0 8 0 unpcb 120 2016 0 2008 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 4052 0 4052 1 1 0 1 0 8 0 tcpcb 544 1236 0 1232 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 280 2918 0 2911 5 4 1 2 0 8 0 nd6 48 303 0 297 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 4626 0 4434 19 7 12 13 0 8 0 art_table 32 4627 0 4434 2 0 2 2 0 8 0 art_node 16 1133 0 1093 1 0 1 1 0 8 0 sysvmsgpl 40 21 0 19 2 1 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 479 0 469 1 0 1 1 0 8 0 shmpl 112 148 0 20 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 6995 0 5561 49 2 47 47 0 8 0 ffsino 272 6995 0 5561 96 0 96 96 0 8 0 nchpl 144 13468 0 11837 61 0 61 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 53608 0 53608 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 40783 0 40783 26 25 1 5 0 8 1 plimitpl 152 920 0 910 1 0 1 1 0 8 0 sigapl 432 5374 0 5359 4 2 2 3 0 8 0 futexpl 56 46917 0 46917 1 0 1 1 0 8 1 knotepl 112 3107 0 3088 1 0 1 1 0 8 0 kqueuepl 104 1190 0 1188 1 0 1 1 0 8 0 pipepl 112 3580 0 3561 11 10 1 2 0 8 0 fdescpl 488 5375 0 5359 3 0 3 3 0 8 0 filepl 152 32240 0 32139 21 16 5 7 0 8 1 lockfpl 104 1086 0 1086 7 6 1 1 0 8 1 lockfspl 48 334 0 334 7 6 1 1 0 8 1 sessionpl 112 116 0 106 1 0 1 1 0 8 0 pgrppl 48 160 0 150 1 0 1 1 0 8 0 ucredpl 96 8998 0 8989 1 0 1 1 0 8 0 zombiepl 144 5359 0 5358 2 1 1 1 0 8 0 processpl 896 5391 0 5358 4 0 4 4 0 8 0 procpl 632 14394 0 14348 19 14 5 5 0 8 1 srpgc 64 198 0 198 17 17 0 1 0 8 0 sosppl 128 99 0 99 20 19 1 1 0 8 1 sockpl 384 5505 0 5488 10 7 3 4 0 8 1 mcl64k 65536 14 0 0 2 0 2 2 0 8 0 mcl16k 16384 11 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 18 0 0 2 0 2 2 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 133 0 0 15 1 14 15 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 417 0 0 12 0 12 12 0 8 0 bufpl 256 15326 0 8302 440 0 440 440 0 8 0 anonpl 16 632579 0 625270 154 108 46 46 0 125 9 amapchunkpl 152 44917 0 44829 78 73 5 17 0 158 0 amappl16 192 25902 0 25506 202 170 32 33 0 8 11 amappl15 184 492 0 492 9 9 0 1 0 8 0 amappl14 176 1279 0 1272 1 0 1 1 0 8 0 amappl13 168 978 0 978 7 7 0 1 0 8 0 amappl12 160 557 0 555 10 9 1 1 0 8 0 amappl11 152 1001 0 990 1 0 1 1 0 8 0 amappl10 144 1034 0 1033 1 0 1 1 0 8 0 amappl9 136 2366 0 2363 1 0 1 1 0 8 0 amappl8 128 1748 0 1715 3 1 2 2 0 8 0 amappl7 120 1168 0 1160 1 0 1 1 0 8 0 amappl6 112 725 0 718 1 0 1 1 0 8 0 amappl5 104 1368 0 1354 1 0 1 1 0 8 0 amappl4 96 5400 0 5373 2 1 1 2 0 8 0 amappl3 88 1472 0 1460 1 0 1 1 0 8 0 amappl2 80 34756 0 34691 3 1 2 3 0 8 0 amappl1 72 154049 0 153611 23 13 10 19 0 8 0 amappl 80 16160 0 16124 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 149 0 20 3 0 3 3 0 8 0 uaddrrnd 24 5375 0 5359 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5375 0 5359 1 0 1 1 0 8 0 vmmpekpl 168 47953 0 47922 2 0 2 2 0 8 0 vmmpepl 168 696333 0 694745 206 120 86 92 0 357 12 vmsppl 368 5374 0 5359 2 0 2 2 0 8 0 pdppl 4096 10757 0 10718 6 0 6 6 0 8 1 pvpl 32 1658300 0 1647275 336 214 122 127 0 265 30 pmappl 232 5374 0 5359 11 10 1 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 607 0 11 18 0 18 18 0 8 0